If I were you, I would ask administrators of your colledge LAN do I realy need Message Queue Service.
I wonder
Tiger: great post
Printable View
If I were you, I would ask administrators of your colledge LAN do I realy need Message Queue Service.
I wonder
Tiger: great post
Hey Duck: I'll correct you....lol. Seriously, I just tested Symantec's online virus scan on an XP machine booted into Safe Mode with Networking and it works fine. The screen navigation is a bit challenging due to the low resolution of being in safe mode but workable. I didn't test it with Trend Micro or other online scanners.Quote:
Originally posted here by The Duck
I think I brought up an idea along time ago, it was whether or not you could run those online scans in safe mode. I can't remember who exactly tested it, either nihil or tiger shark, one of those two, but whoever it was said they couldn't get it to work...
Correct me if I'm wrong :)...
@Tiger-Shark: I've tried out what you said and renamed ndsiuio.sys to ndsiuio.sys.old and there doesn't seem to be any problem so far. Atleast not with the network or the system.
@ikalo: I don't know if we need message queue service. This is on my personal computer in my quarters which is connected using the campus network. I've got a webserver set up. Can I disable it without causing a problem with the webserver?
But yesterday night something weird happened again. I was working with photoshop when the create new profile window of firefox popped up without me clicking anything. I clicked on cancel but it popped up again. It kept this up until I changed sygate to block all network connections. Then I checked in the task manager and firefox was using up almost 100% pf cpu time. I closed it and reconnected to the net and everything was normal again. I know this sounds crazy but it really happened and now I'm convinced that there is someone who is trying to freak me out. What can I do? I just can't seem to detect whatever he uses to connect and I can't detect his ip address.
Sounds like spyware to me.....
i've done a complete check with microsoft anti spyware beta with deep scan. It didn't show any results.
well it may be a trojan ....
its only possible if they are using a kernel rootkit because it hides the process threads from user by modifying the kernel fuctioning,
and as netstat -a shows all the connections with port no.
the trojan may have modified netstat -a fuctioning or copied with its looklike which is hiding
that trojan..
u can try a port scanner to scan all the ports (not nmap bcoz current windows version it doesn't have the ability to scan itself)
soo u can try any commercial troajn scanner if can see the the ports if it has modified the netstat command
bt if a rootkit is installed .. try using a rootkit scanner..
also wen anything like happens jus make a log of netstat -a n compare to wen its working fine..
well thats my way of thinking....
ashtified_85
"i've done a complete check with microsoft anti spyware beta with deep scan. It didn't show any results."
Spyware detection tools aren't infallible. Its always best to use a variety.
Good luck! :)
The real name of that file is "ndisuio.sys".
You need to rename it back again or better yet, boot to safe mode and replace the file (which sits in \system32\drivers) with a fresh copy of the file which sits in c:\windows\servicepackfiles\i386. When replacing, delete the old file first, do not copy atop of the old file.
It's a Microsoft file related to the user interface of the wireless configuration service.
If you don't need it, turn it off. Some wireless utilities don't work properly unless you turn this service off.
In order to disable Wireless Zero Configuration, go to:
Control Panel ---> Performance and Maintenance ---> Administrative Tools ---> Services.
Click on Wireless Zero Configuration; change the "Startup Type" drop box to "Manual" and stop the service.
Then I would scan with MS Antispyware, Adaware PE, and Spybot S&D (update them all first and run the deep/complete scans), then go to http://www.pandasoftware.com/activescan/com/
I've seen a trojan once and Panda was the only AV scanner that caught it.
You will need to disable system restore before the scan so it can repair it.
Does that solve the problem?
Well, that solves that problem. Thanks ZT3000. But I've kind of given up on this trojan thing. I guess I'll reinstall windows. It's running a little too slow right now. A fresh install should shape things up and as a side bargain, I'd get rid of the RAT as well. Thanks to everyone that tried to help me, especially Tiger Shark. :). That's a lot of useful info u posted back there.
If you are going to reinstall, disconnect your ethernet cable prior reformatting. (I like to wipe out the partition too) XP install will let you do both things during install (read the install screens carefully)
Make sure you have the latest version of your antivirus burned to a backup of some sort.
After the reinstall, install your antivirus, scan your system, activate the Win XP firewall, then plug your network cable back in and get all those updates from MS update site.